Merge pull request #77 from tokensmith/release-1.3.3

Release 1.3.3

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015 RootServices
+Copyright (c) 2020 TokenSmith
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -1,16 +1,22 @@
 [JSON Web Tokens](https://tools.ietf.org/html/rfc7519)
 ---------------------------------------------------------------------------------------------------------------------
 
-[![Build Status](https://travis-ci.org/RootServices/jwt.svg?branch=development)](https://travis-ci.org/RootServices/jwt)
+[![Build Status](https://travis-ci.org/TokenSmith/jwt.svg?branch=development)](https://travis-ci.org/TokenSmith/jwt)
 
 
 Documentation
 ------------
- More documentation is available [here](http://rootservices.github.io/jwt/).
+ More documentation is available [here](http://tokensmith.github.io/jwt/).
 
 Quick Start
 -----------
 This is a Java implementation of JWT, JWS, and JWE.
+
+ - [Unsecured JWT](#unsecured-jwt)
+ - [Read a compact JWT](#read-a-compact-jwt)
+ - [Asymmetric Key](#asymmetric-key)
+ - [Symmetric Key](#symmetric-key)
+ - [Generate Key](#generate-key)
 
 ## Unsecured JWT
 ```java
@@ -19,17 +25,40 @@ UnsecureCompactBuilder compactBuilder = new UnsecureCompactBuilder();
 Claim claim = new Claim();
 claim.setUriIsRoot(true);
 
-ByteArrayOutputStream encodedJwt = compactBuilder.claims(claim).build();
+ByteArrayOutputStream encodedJwt = compactBuilder
+    .claims(claim)
+    .build();
 ```
+## Read a compact JWT
+```java
+JwtAppFactory appFactory = new JwtAppFactory();
+
+String jwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJodHRwOi8vZXhhbXBsZS5jb20vaXNfcm9vdCI6dHJ1ZX0.TeZ3DKSE-gplbaoA8CK_RMojt8CfA1MTYaM_ZuOeGNw";
+JwtSerde jwtSerde = appFactory.jwtSerde();
+
+JsonWebToken<Claim> jsonWebToken;
+try {
+    jsonWebToken = jwtSerde.stringToJwt(jwt, Claim.class);
+} catch (InvalidJWT | JsonToJwtException e) {
+    // may not have been a jwt
+    // may not have been able to deserialize the header or claims.
+    throw e;
+}
+
+// Can access claims in, jsonWebToken.
+```
+
 
 ## JWS Compact Serialization
 
 ### Asymmetric key
+
+#### Create
 ```java
 SecureCompactBuilder compactBuilder = new SecureCompactBuilder();
 
-RSAKeyPair key = Factory.makeRSAKeyPair();
-key.setKeyId(Optional.of("test-key-id"));
+KeyGenerator keyGenerator = jwtAppFactory.keyGenerator();
+SymmetricKey key = keyGenerator.symmetricKey(Optional.of(""test-key-id""), Use.SIGNATURE);
 
 Claim claim = new Claim();
 claim.setUriIsRoot(true);
@@ -40,7 +69,29 @@ ByteArrayOutputStream actual = compactBuilder.alg(Algorithm.RS256)
         .build();
 ```
 
+#### Verify Signature
+```java
+RSAPublicKey publicKey = new RSAPublicKey(
+    Optional.of("test-key-id"),
+    Use.SIGNATURE,
+    new BigInteger("20446702916744654562596343388758805860065209639960173505037453331270270518732245089773723012043203236097095623402044690115755377345254696448759605707788965848889501746836211206270643833663949992536246985362693736387185145424787922241585721992924045675229348655595626434390043002821512765630397723028023792577935108185822753692574221566930937805031155820097146819964920270008811327036286786392793593121762425048860211859763441770446703722015857250621107855398693133264081150697423188751482418465308470313958250757758547155699749157985955379381294962058862159085915015369381046959790476428631998204940879604226680285601"),
+    new BigInteger("65537")
+);
+
+JwtAppFactory appFactory = new JwtAppFactory();
+VerifySignature verifySignature;
+
+try {
+    verifySignature = appFactory.verifySignature(Algorithm.RS256, publicKey);
+} catch (SignatureException e) {
+    throw e;
+}
+
+boolean isSignatureValid = verifySignature.run(jsonWebToken);
+```
 ### Symmetric key
+
+#### Create
 ```java
 SecureCompactBuilder compactBuilder = new SecureCompactBuilder();
 
@@ -55,10 +106,29 @@ ByteArrayOutputStream actual = compactBuilder.alg(Algorithm.HS256)
         .claims(claim)
         .build();
 ```
-
+#### Verify Signature
+```java
+SymmetricKey key = new SymmetricKey(
+    Optional.of("test-key-id"),
+    "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow",
+    Use.SIGNATURE
+);
+
+JwtAppFactory appFactory = new JwtAppFactory();
+VerifySignature verifySignature = null;
+try {
+    verifySignature = appFactory.verifySignature(Algorithm.HS256, key);
+} catch (SignatureException e) {
+    throw e;
+}
+
+boolean isSignatureValid = verifySignature.run(jsonWebToken);
+```
 ## JWE Compact Serialization
 
 ### Asymmetric key
+
+#### Create
 ```java
 EncryptedCompactBuilder compactBuilder = new EncryptedCompactBuilder();
 
@@ -75,6 +145,8 @@ ByteArrayOutputStream actual = compactBuilder.encAlg(EncryptionAlgorithm.AES_GCM
 ```
 
 ### Symmetric key
+
+#### Create
 ```java
 EncryptedCompactBuilder compactBuilder = new EncryptedCompactBuilder();
 
@@ -89,3 +161,21 @@ ByteArrayOutputStream actual = compactBuilder.encAlg(EncryptionAlgorithm.AES_GCM
         .cek(key)
         .build();
 ```
+
+## Generate Key
+
+### Symmetric Key
+```java
+JwtAppFactory jwtAppFactory = new JwtAppFactory();
+
+KeyGenerator keyGenerator = jwtAppFactory.keyGenerator();
+SymmetricKey key = keyGenerator.symmetricKey(Optional.of("123"), Use.SIGNATURE);
+```
+
+### Asymmetric Key
+```java
+JwtAppFactory jwtAppFactory = new JwtAppFactory();
+
+KeyGenerator keyGenerator = jwtAppFactory.keyGenerator();
+RSAKeyPair key = subject.rsaKeyPair(KeyGenerator.RSA_1024, Optional.of("123"), Use.SIGNATURE);
+```

build.gradle

@@ -5,22 +5,23 @@ plugins {
 }
 
 repositories {
+    maven { url "https://oss.sonatype.org/content/repositories/snapshots" }
+    maven { url "https://oss.sonatype.org/content/repositories/releases" }
+    mavenCentral()
     mavenLocal()
-    maven {
-        url = 'http://repo.maven.apache.org/maven2'
-    }
 }
 
 group = 'net.tokensmith'
-version = '1.3.2'
-description = 'Interface used in Otter Web Framework to help serializing to/from JSON'
+version = '1.3.3'
+description = 'Java implementation of JWT'
 
 sourceCompatibility = 12
 targetCompatibility = 12
 
 ext {
-    jacksonVersion = '2.9.10'
-    log4jVersion = '2.12.1'
+    jacksonVersion = '2.11.0'
+    log4jVersion = '2.13.3'
+    slf4jVersion = '1.7.30'
     mockitoVersion = '2.28.2'
 }
 
@@ -29,8 +30,10 @@ dependencies {
     implementation "com.fasterxml.jackson.core:jackson-databind:${jacksonVersion}"
     implementation "com.fasterxml.jackson.datatype:jackson-datatype-jdk8:${jacksonVersion}"
     implementation "com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${jacksonVersion}"
-    implementation "org.apache.logging.log4j:log4j-api:${log4jVersion}"
-    implementation "org.apache.logging.log4j:log4j-core:${log4jVersion}"
+    compile "org.slf4j:slf4j-simple:${slf4jVersion}"
+    compile "org.apache.logging.log4j:log4j-1.2-api:${log4jVersion}"
+    compile "org.apache.logging.log4j:log4j-api:${log4jVersion}"
+    compile "org.apache.logging.log4j:log4j-core:${log4jVersion}"
 
     testImplementation group: 'junit', name: 'junit', version:'4.12'
     testImplementation group: 'org.hamcrest', name: 'hamcrest-all', version:'1.3'
@@ -61,18 +64,18 @@ publishing {
                 name = 'jwt'
                 packaging = 'jar'
                 description = 'Java Implementation of JSON Web Tokens'
-                url = 'https://github.com/RootServices/jwt'
+                url = 'https://github.com/TokenSmith/jwt'
 
                 scm {
-                    connection = 'git@github.com:RootServices/jwt.git'
-                    developerConnection = 'git@github.com:RootServices/jwt.git'
-                    url = 'https://github.com/RootServices/jwt'
+                    connection = 'git@github.com:TokenSmith/jwt.git'
+                    developerConnection = 'git@github.com:TokenSmith/jwt.git'
+                    url = 'https://github.com/TokenSmith/jwt'
                 }
 
                 licenses {
                     license {
                         name = 'The MIT License (MIT)'
-                        url = 'https://github.com/RootServices/jwt/blob/development/LICENSE'
+                        url = 'https://github.com/TokenSmith/jwt/blob/development/LICENSE'
                     }
                 }
 
@@ -115,3 +118,7 @@ javadoc {
     }
 }
 
+tasks.withType(JavaCompile) {
+    options.compilerArgs << "-Xlint:unchecked" << "-Xlint:deprecation"
+}
+

src/main/java/net/tokensmith/jwt/builder/compact/EncryptedCompactBuilder.java

@@ -5,8 +5,6 @@
 import net.tokensmith.jwt.entity.jwk.SymmetricKey;
 import net.tokensmith.jwt.entity.jwt.header.Algorithm;
 import net.tokensmith.jwt.entity.jwt.header.Header;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
 import net.tokensmith.jwt.builder.exception.CompactException;
 import net.tokensmith.jwt.config.JwtAppFactory;
 import net.tokensmith.jwt.jwe.entity.JWE;
@@ -15,13 +13,15 @@
 import net.tokensmith.jwt.jws.signer.factory.rsa.exception.PublicKeyException;
 import net.tokensmith.jwt.serialization.exception.EncryptException;
 import net.tokensmith.jwt.serialization.exception.JsonToJwtException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.io.ByteArrayOutputStream;
 import java.util.Base64;
 import java.util.Optional;
 
 public class EncryptedCompactBuilder {
-    private static final Logger LOGGER = LogManager.getLogger(EncryptedCompactBuilder.class);
+    private static final Logger LOGGER = LoggerFactory.getLogger(EncryptedCompactBuilder.class);
     public static final String UNABLE_TO_BUILD_COMPACT_JWE = "Unable to build compact jwe";
     private static JwtAppFactory jwtAppFactory = new JwtAppFactory();
 

src/main/java/net/tokensmith/jwt/builder/compact/SecureCompactBuilder.java

@@ -3,18 +3,18 @@
 import net.tokensmith.jwt.entity.jwk.Key;
 import net.tokensmith.jwt.entity.jwt.Claims;
 import net.tokensmith.jwt.entity.jwt.header.Algorithm;
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
 import net.tokensmith.jwt.builder.exception.CompactException;
 import net.tokensmith.jwt.config.JwtAppFactory;
 import net.tokensmith.jwt.exception.SignatureException;
 import net.tokensmith.jwt.jws.serialization.SecureJwtSerializer;
 import net.tokensmith.jwt.serialization.exception.JwtToJsonException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.io.ByteArrayOutputStream;
 
 public class SecureCompactBuilder {
-    private static final Logger LOGGER = LogManager.getLogger(SecureCompactBuilder.class);
+    private static final Logger LOGGER = LoggerFactory.getLogger(SecureCompactBuilder.class);
     public static final String UNABLE_TO_BUILD_COMPACT_JWT = "Unable to build compact jwt";
     private static JwtAppFactory jwtAppFactory = new JwtAppFactory();